Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Updates to the ACM

- permission set update
- db indexes added
- CFID-135: Added the license file and notice to the ACM code
- Updated vendor cache.
- Fixed remove_permission

Change-Id: Id8b9599de75ae89ffd5f12609b184bbe5cd601a7
  • Loading branch information...
commit de587f409d23ccee58f476856b11a1a310c8c06f 1 parent 2588ce4
@joeldsa joeldsa authored
Showing with 13,408 additions and 13 deletions.
  1. +1 −0  .gitignore
  2. +2 −2 Gemfile.lock
  3. +12,737 −0 LICENSE.TXT
  4. +11 −0 Rakefile
  5. +11 −0 bin/acm
  6. +23 −2 db/migrations/001_initial.rb
  7. +11 −0 lib/acm/api_controller.rb
  8. +11 −0 lib/acm/config.rb
  9. +11 −0 lib/acm/errors.rb
  10. +11 −0 lib/acm/models/access_control_entries.rb
  11. +11 −0 lib/acm/models/acm_common_model.rb
  12. +11 −0 lib/acm/models/members.rb
  13. +11 −0 lib/acm/models/object_permission_set_map.rb
  14. +11 −0 lib/acm/models/objects.rb
  15. +11 −0 lib/acm/models/permission_sets.rb
  16. +11 −0 lib/acm/models/permissions.rb
  17. +11 −0 lib/acm/models/subjects.rb
  18. +11 −0 lib/acm/rack_monkey_patch.rb
  19. +11 −0 lib/acm/routes/access_controller.rb
  20. +11 −0 lib/acm/routes/group_controller.rb
  21. +11 −0 lib/acm/routes/object_controller.rb
  22. +11 −0 lib/acm/routes/permission_set_controller.rb
  23. +11 −0 lib/acm/routes/user_controller.rb
  24. +11 −0 lib/acm/services/access_control_service.rb
  25. +16 −1 lib/acm/services/acm_service.rb
  26. +11 −0 lib/acm/services/group_service.rb
  27. +89 −4 lib/acm/services/object_service.rb
  28. +76 −3 lib/acm/services/permission_set_service.rb
  29. +11 −0 lib/acm/services/user_service.rb
  30. +11 −0 lib/acm/thread_formatter.rb
  31. +11 −0 lib/acm/utils.rb
  32. +11 −0 lib/acm_controller.rb
  33. +11 −0 spec/Rakefile
  34. +11 −0 spec/functional/access_controller_spec.rb
  35. +11 −0 spec/functional/auth_controller_spec.rb
  36. +11 −0 spec/functional/group_controller_spec.rb
  37. +48 −0 spec/functional/object_controller_spec.rb
  38. +11 −0 spec/functional/permission_set_controller_spec.rb
  39. +11 −0 spec/functional/user_controller_spec.rb
  40. +11 −0 spec/spec_helper.rb
  41. +11 −0 spec/unit/group_service_spec.rb
  42. +11 −1 spec/unit/object_service_spec.rb
  43. +31 −0 spec/unit/permission_set_service_spec.rb
  44. +11 −0 spec/unit/user_service_spec.rb
  45. BIN  vendor/cache/ci_reporter-1.6.5.gem
  46. BIN  vendor/cache/ci_reporter-1.7.0.gem
  47. BIN  vendor/cache/sequel-3.31.0.gem
  48. BIN  vendor/cache/sequel-3.32.0.gem
View
1  .gitignore
@@ -1,2 +1,3 @@
.idea/*
cov/
+*.sw*
View
4 Gemfile.lock
@@ -3,7 +3,7 @@ GEM
specs:
SystemTimer (1.2.3)
builder (3.0.0)
- ci_reporter (1.6.5)
+ ci_reporter (1.7.0)
builder (>= 2.1.2)
daemons (1.1.6)
diff-lcs (1.1.3)
@@ -24,7 +24,7 @@ GEM
rspec-expectations (2.8.0)
diff-lcs (~> 1.1.2)
rspec-mocks (2.8.0)
- sequel (3.31.0)
+ sequel (3.32.0)
simplecov (0.5.4)
multi_json (~> 1.0.3)
simplecov-html (~> 0.5.3)
View
12,737 LICENSE.TXT
12,737 additions, 0 deletions not shown
View
11 Rakefile
@@ -1,3 +1,14 @@
+# Cloud Foundry 2012.02.03 Beta
+# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
+#
+# This product is licensed to you under the Apache License, Version 2.0 (the "License").
+# You may not use this product except in compliance with the License.
+#
+# This product includes a number of subcomponents with
+# separate copyright notices and license terms. Your use of these
+# subcomponents is subject to the terms and conditions of the
+# subcomponent's license, as noted in the LICENSE file.
+
require 'rake'
desc "Run specs"
View
11 bin/acm
@@ -1,3 +1,14 @@
+# Cloud Foundry 2012.02.03 Beta
+# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
+#
+# This product is licensed to you under the Apache License, Version 2.0 (the "License").
+# You may not use this product except in compliance with the License.
+#
+# This product includes a number of subcomponents with
+# separate copyright notices and license terms. Your use of these
+# subcomponents is subject to the terms and conditions of the
+# subcomponent's license, as noted in the LICENSE file.
+
#!/usr/bin/env ruby
#
ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile", __FILE__)
View
25 db/migrations/001_initial.rb
@@ -1,3 +1,14 @@
+# Cloud Foundry 2012.02.03 Beta
+# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
+#
+# This product is licensed to you under the Apache License, Version 2.0 (the "License").
+# You may not use this product except in compliance with the License.
+#
+# This product includes a number of subcomponents with
+# separate copyright notices and license terms. Your use of these
+# subcomponents is subject to the terms and conditions of the
+# subcomponent's license, as noted in the LICENSE file.
+
Sequel.migration do
up do
create_table :objects do
@@ -9,6 +20,8 @@
time :created_at, :null => false
time :last_updated_at, :null => false
+ index [:immutable_id], :unique => true
+
end
create_table :permission_sets do
@@ -25,6 +38,7 @@
primary_key :id
foreign_key :object_id, :objects
foreign_key :permission_set_id, :permission_sets
+
end
create_table :permissions do
@@ -46,7 +60,10 @@
time :created_at, :null => false
time :last_updated_at, :null => false
- unique [:object_id, :permission_id, :subject_id]
+ index [:object_id, :permission_id, :subject_id], :unique => true
+ index [:object_id, :permission_id]
+ index [:object_id]
+ index [:subject_id]
end
create_table :subjects do
@@ -58,6 +75,9 @@
time :created_at, :null => false
time :last_updated_at, :null => false
+
+ index [:immutable_id, :type]
+ index [:immutable_id], :unique => true
end
create_table :members do
@@ -68,7 +88,8 @@
time :created_at, :null => false
time :last_updated_at, :null => false
- unique [:group_id, :user_id]
+ index [:group_id, :user_id], :unique => true
+ index [:group_id]
end
end
View
11 lib/acm/api_controller.rb
@@ -1,3 +1,14 @@
+# Cloud Foundry 2012.02.03 Beta
+# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
+#
+# This product is licensed to you under the Apache License, Version 2.0 (the "License").
+# You may not use this product except in compliance with the License.
+#
+# This product includes a number of subcomponents with
+# separate copyright notices and license terms. Your use of these
+# subcomponents is subject to the terms and conditions of the
+# subcomponent's license, as noted in the LICENSE file.
+
require 'acm/errors'
require 'acm_controller'
require 'acm/routes/object_controller'
View
11 lib/acm/config.rb
@@ -1,3 +1,14 @@
+# Cloud Foundry 2012.02.03 Beta
+# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
+#
+# This product is licensed to you under the Apache License, Version 2.0 (the "License").
+# You may not use this product except in compliance with the License.
+#
+# This product includes a number of subcomponents with
+# separate copyright notices and license terms. Your use of these
+# subcomponents is subject to the terms and conditions of the
+# subcomponent's license, as noted in the LICENSE file.
+
require "logger"
require "securerandom"
require "sequel"
View
11 lib/acm/errors.rb
@@ -1,3 +1,14 @@
+# Cloud Foundry 2012.02.03 Beta
+# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
+#
+# This product is licensed to you under the Apache License, Version 2.0 (the "License").
+# You may not use this product except in compliance with the License.
+#
+# This product includes a number of subcomponents with
+# separate copyright notices and license terms. Your use of these
+# subcomponents is subject to the terms and conditions of the
+# subcomponent's license, as noted in the LICENSE file.
+
# Default error classes for the ACM
module ACM
View
11 lib/acm/models/access_control_entries.rb
@@ -1,3 +1,14 @@
+# Cloud Foundry 2012.02.03 Beta
+# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
+#
+# This product is licensed to you under the Apache License, Version 2.0 (the "License").
+# You may not use this product except in compliance with the License.
+#
+# This product includes a number of subcomponents with
+# separate copyright notices and license terms. Your use of these
+# subcomponents is subject to the terms and conditions of the
+# subcomponent's license, as noted in the LICENSE file.
+
require 'sequel'
require 'acm/models/acm_common_model'
View
11 lib/acm/models/acm_common_model.rb
@@ -1,3 +1,14 @@
+# Cloud Foundry 2012.02.03 Beta
+# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
+#
+# This product is licensed to you under the Apache License, Version 2.0 (the "License").
+# You may not use this product except in compliance with the License.
+#
+# This product includes a number of subcomponents with
+# separate copyright notices and license terms. Your use of these
+# subcomponents is subject to the terms and conditions of the
+# subcomponent's license, as noted in the LICENSE file.
+
module ACM::Models
module Common
View
11 lib/acm/models/members.rb
@@ -1,3 +1,14 @@
+# Cloud Foundry 2012.02.03 Beta
+# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
+#
+# This product is licensed to you under the Apache License, Version 2.0 (the "License").
+# You may not use this product except in compliance with the License.
+#
+# This product includes a number of subcomponents with
+# separate copyright notices and license terms. Your use of these
+# subcomponents is subject to the terms and conditions of the
+# subcomponent's license, as noted in the LICENSE file.
+
require 'acm/models/acm_common_model'
require 'sequel'
View
11 lib/acm/models/object_permission_set_map.rb
@@ -1,3 +1,14 @@
+# Cloud Foundry 2012.02.03 Beta
+# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
+#
+# This product is licensed to you under the Apache License, Version 2.0 (the "License").
+# You may not use this product except in compliance with the License.
+#
+# This product includes a number of subcomponents with
+# separate copyright notices and license terms. Your use of these
+# subcomponents is subject to the terms and conditions of the
+# subcomponent's license, as noted in the LICENSE file.
+
require 'sequel'
module ACM::Models
View
11 lib/acm/models/objects.rb
@@ -1,3 +1,14 @@
+# Cloud Foundry 2012.02.03 Beta
+# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
+#
+# This product is licensed to you under the Apache License, Version 2.0 (the "License").
+# You may not use this product except in compliance with the License.
+#
+# This product includes a number of subcomponents with
+# separate copyright notices and license terms. Your use of these
+# subcomponents is subject to the terms and conditions of the
+# subcomponent's license, as noted in the LICENSE file.
+
require 'acm/models/acm_common_model'
require 'acm/models/permission_sets'
require 'acm/models/access_control_entries'
View
11 lib/acm/models/permission_sets.rb
@@ -1,3 +1,14 @@
+# Cloud Foundry 2012.02.03 Beta
+# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
+#
+# This product is licensed to you under the Apache License, Version 2.0 (the "License").
+# You may not use this product except in compliance with the License.
+#
+# This product includes a number of subcomponents with
+# separate copyright notices and license terms. Your use of these
+# subcomponents is subject to the terms and conditions of the
+# subcomponent's license, as noted in the LICENSE file.
+
require 'acm/models/acm_common_model'
require 'sequel'
require 'json'
View
11 lib/acm/models/permissions.rb
@@ -1,3 +1,14 @@
+# Cloud Foundry 2012.02.03 Beta
+# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
+#
+# This product is licensed to you under the Apache License, Version 2.0 (the "License").
+# You may not use this product except in compliance with the License.
+#
+# This product includes a number of subcomponents with
+# separate copyright notices and license terms. Your use of these
+# subcomponents is subject to the terms and conditions of the
+# subcomponent's license, as noted in the LICENSE file.
+
require 'acm/models/acm_common_model'
require 'sequel'
View
11 lib/acm/models/subjects.rb
@@ -1,3 +1,14 @@
+# Cloud Foundry 2012.02.03 Beta
+# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
+#
+# This product is licensed to you under the Apache License, Version 2.0 (the "License").
+# You may not use this product except in compliance with the License.
+#
+# This product includes a number of subcomponents with
+# separate copyright notices and license terms. Your use of these
+# subcomponents is subject to the terms and conditions of the
+# subcomponent's license, as noted in the LICENSE file.
+
require 'acm/models/acm_common_model'
require 'sequel'
require 'json'
View
11 lib/acm/rack_monkey_patch.rb
@@ -1,3 +1,14 @@
+# Cloud Foundry 2012.02.03 Beta
+# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
+#
+# This product is licensed to you under the Apache License, Version 2.0 (the "License").
+# You may not use this product except in compliance with the License.
+#
+# This product includes a number of subcomponents with
+# separate copyright notices and license terms. Your use of these
+# subcomponents is subject to the terms and conditions of the
+# subcomponent's license, as noted in the LICENSE file.
+
# For an explanation, see http://xampl.com/so/2009/12/16/rubyrack-and-multiple-value-request-param-pain-—-part-one/
require 'rack'
View
11 lib/acm/routes/access_controller.rb
@@ -1,3 +1,14 @@
+# Cloud Foundry 2012.02.03 Beta
+# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
+#
+# This product is licensed to you under the Apache License, Version 2.0 (the "License").
+# You may not use this product except in compliance with the License.
+#
+# This product includes a number of subcomponents with
+# separate copyright notices and license terms. Your use of these
+# subcomponents is subject to the terms and conditions of the
+# subcomponent's license, as noted in the LICENSE file.
+
require 'sinatra/base'
module ACM::Controller
View
11 lib/acm/routes/group_controller.rb
@@ -1,3 +1,14 @@
+# Cloud Foundry 2012.02.03 Beta
+# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
+#
+# This product is licensed to you under the Apache License, Version 2.0 (the "License").
+# You may not use this product except in compliance with the License.
+#
+# This product includes a number of subcomponents with
+# separate copyright notices and license terms. Your use of these
+# subcomponents is subject to the terms and conditions of the
+# subcomponent's license, as noted in the LICENSE file.
+
require 'sinatra/base'
module ACM::Controller
View
11 lib/acm/routes/object_controller.rb
@@ -1,3 +1,14 @@
+# Cloud Foundry 2012.02.03 Beta
+# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
+#
+# This product is licensed to you under the Apache License, Version 2.0 (the "License").
+# You may not use this product except in compliance with the License.
+#
+# This product includes a number of subcomponents with
+# separate copyright notices and license terms. Your use of these
+# subcomponents is subject to the terms and conditions of the
+# subcomponent's license, as noted in the LICENSE file.
+
require 'sinatra/base'
require 'json'
View
11 lib/acm/routes/permission_set_controller.rb
@@ -1,3 +1,14 @@
+# Cloud Foundry 2012.02.03 Beta
+# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
+#
+# This product is licensed to you under the Apache License, Version 2.0 (the "License").
+# You may not use this product except in compliance with the License.
+#
+# This product includes a number of subcomponents with
+# separate copyright notices and license terms. Your use of these
+# subcomponents is subject to the terms and conditions of the
+# subcomponent's license, as noted in the LICENSE file.
+
require 'sinatra/base'
module ACM::Controller
View
11 lib/acm/routes/user_controller.rb
@@ -1,3 +1,14 @@
+# Cloud Foundry 2012.02.03 Beta
+# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
+#
+# This product is licensed to you under the Apache License, Version 2.0 (the "License").
+# You may not use this product except in compliance with the License.
+#
+# This product includes a number of subcomponents with
+# separate copyright notices and license terms. Your use of these
+# subcomponents is subject to the terms and conditions of the
+# subcomponent's license, as noted in the LICENSE file.
+
require 'sinatra/base'
module ACM::Controller
View
11 lib/acm/services/access_control_service.rb
@@ -1,3 +1,14 @@
+# Cloud Foundry 2012.02.03 Beta
+# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
+#
+# This product is licensed to you under the Apache License, Version 2.0 (the "License").
+# You may not use this product except in compliance with the License.
+#
+# This product includes a number of subcomponents with
+# separate copyright notices and license terms. Your use of these
+# subcomponents is subject to the terms and conditions of the
+# subcomponent's license, as noted in the LICENSE file.
+
require 'acm/services/acm_service'
require 'acm/models/subjects'
require 'acm/models/members'
View
17 lib/acm/services/acm_service.rb
@@ -1,3 +1,14 @@
+# Cloud Foundry 2012.02.03 Beta
+# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
+#
+# This product is licensed to you under the Apache License, Version 2.0 (the "License").
+# You may not use this product except in compliance with the License.
+#
+# This product includes a number of subcomponents with
+# separate copyright notices and license terms. Your use of these
+# subcomponents is subject to the terms and conditions of the
+# subcomponent's license, as noted in the LICENSE file.
+
module ACM::Services
@@ -8,6 +19,10 @@ def initialize
end
+ def get_option(map, key)
+ map[key].nil? ? nil : map[key]
+ end
+
end
-end
+end
View
11 lib/acm/services/group_service.rb
@@ -1,3 +1,14 @@
+# Cloud Foundry 2012.02.03 Beta
+# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
+#
+# This product is licensed to you under the Apache License, Version 2.0 (the "License").
+# You may not use this product except in compliance with the License.
+#
+# This product includes a number of subcomponents with
+# separate copyright notices and license terms. Your use of these
+# subcomponents is subject to the terms and conditions of the
+# subcomponent's license, as noted in the LICENSE file.
+
require 'acm/services/acm_service'
require 'acm/models/subjects'
require 'acm/models/members'
View
93 lib/acm/services/object_service.rb
@@ -1,3 +1,14 @@
+# Cloud Foundry 2012.02.03 Beta
+# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
+#
+# This product is licensed to you under the Apache License, Version 2.0 (the "License").
+# You may not use this product except in compliance with the License.
+#
+# This product includes a number of subcomponents with
+# separate copyright notices and license terms. Your use of these
+# subcomponents is subject to the terms and conditions of the
+# subcomponent's license, as noted in the LICENSE file.
+
require 'acm/services/acm_service'
require 'acm/models/objects'
require 'acm/models/permission_sets'
@@ -223,10 +234,6 @@ def get_subject(subject_id)
subject
end
- def get_option(map, key)
- map[key].nil? ? nil : map[key]
- end
-
def add_subjects_to_ace(obj_id, permissions, subject_id)
if(subject_id.nil?)
@@ -382,6 +389,84 @@ def remove_permission(obj_id, permission, user_id)
object.to_json
end
+ def remove_subjects_from_ace(obj_id, permissions, subject_id)
+
+ user_json = @user_service.find_user(subject_id)
+ if(user_json.nil?)
+ @logger.error("Failed to find the subject #{subject_id}")
+ raise ACM::ObjectNotFound.new("Subject #{subject_id}")
+ else
+ @logger.debug("Found subject #{user_json.inspect}")
+ end
+ subject = Yajl::Parser.parse(user_json, :symbolize_keys => true)
+
+ object = nil
+ if(permissions.respond_to?(:each))
+ ACM::Config.db.transaction do
+ permissions.each { |permission|
+ object = remove_permission(obj_id, permission, subject[:id])
+ }
+ end
+ else
+ object = remove_permission(obj_id, permissions, subject[:id])
+ end
+
+ object
+ end
+
+ def remove_permission(obj_id, permission, user_id)
+ @logger.debug("removing permission #{permission} on object #{obj_id} from user #{user_id}")
+
+ #TODO: Get this done in a single update query
+ #Find the object
+ object = ACM::Models::Objects.filter(:immutable_id => obj_id.to_s).first()
+ @logger.debug("requested object #{object.inspect}")
+ if(object.nil?)
+ @logger.error("Could not find object #{obj_id.to_s}")
+ raise ACM::ObjectNotFound.new("Object #{obj_id}")
+ end
+
+ #Find the requested permission only if it belongs to a permission set that is related to that object
+ requested_permission = ACM::Models::Permissions.join(:permission_sets, :id => :permission_set_id)
+ .join(:object_permission_set_map, :permission_set_id => :id)
+ .filter(:object_permission_set_map__object_id => object.id)
+ .filter(:permissions__name => permission.to_s)
+ .select(:permissions__id, :permissions__name)
+ .first()
+ @logger.debug("requested permission #{requested_permission.inspect}")
+
+ if(requested_permission.nil?)
+ @logger.error("Failed to remove permission #{permission} on object #{obj_id} for user #{user_id}. Could not find permission #{permission}")
+ raise ACM::InvalidRequest.new("Failed to remove permission #{permission} on object #{obj_id} for user #{user_id}")
+ end
+
+ #find the subject
+ subject = ACM::Models::Subjects.filter(:immutable_id => user_id.to_s).first()
+ @logger.debug("requested subject #{subject.inspect}")
+ if(subject.nil?)
+ @logger.error("Could not find subject #{user_id.to_s}")
+ raise ACM::InvalidRequest.new("Could not find subject #{user_id.to_s}")
+ end
+
+ ACM::Config.db.transaction do
+ ace_to_be_deleted = object.access_control_entries.select{|ace| ace.permission_id == requested_permission.id && ace.subject_id == subject.id}.first()
+
+ @logger.debug("ace_to_be_deleted #{ace_to_be_deleted.inspect}")
+
+ if(ace_to_be_deleted.nil?)
+ @logger.error("Could not find an access control entry for that object and permission matching the subject requested")
+ raise ACM::InvalidRequest.new("Could not find an access control entry for the object #{object.name} and permission #{requested_permission.name}")
+ else
+ ace_to_be_deleted.destroy()
+ end
+
+ @logger.debug("ace count for object #{object.id} are #{ACM::Models::AccessControlEntries.filter(:object_id => object.id).count().inspect}")
+ end
+
+ object = ACM::Models::Objects.filter(:id => object.id).first()
+ object.to_json
+ end
+
def read_object(obj_id)
@logger.debug("read_object parameters #{obj_id.inspect}")
object = ACM::Models::Objects.filter(:immutable_id => obj_id).first()
View
79 lib/acm/services/permission_set_service.rb
@@ -1,3 +1,14 @@
+# Cloud Foundry 2012.02.03 Beta
+# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
+#
+# This product is licensed to you under the Apache License, Version 2.0 (the "License").
+# You may not use this product except in compliance with the License.
+#
+# This product includes a number of subcomponents with
+# separate copyright notices and license terms. Your use of these
+# subcomponents is subject to the terms and conditions of the
+# subcomponent's license, as noted in the LICENSE file.
+
require 'acm/models/permission_sets'
module ACM::Services
@@ -44,8 +55,48 @@ def create_permission_set(opts = {})
ps.to_json
end
- def get_option(map, key)
- map[key].nil? ? nil : map[key]
+ def update_permission_set(opts = {})
+ @logger.debug("update permission_set parameters #{opts}")
+
+ name = get_option(opts, :name)
+ if(name.nil?)
+ @logger.error("Failed to update a permission set. No name provided")
+ raise ACM::InvalidRequest.new("Missing name for permission set")
+ end
+
+ permissions = get_option(opts, :permissions)
+ additional_info = get_option(opts, :additional_info)
+
+ ps = ACM::Models::PermissionSets.find(:name => name.to_s)
+
+ begin
+ ACM::Config.db.transaction do
+ ps.save
+
+ ps.permissions.each { |existing_permission|
+ existing_permission.destroy()
+ }
+
+ if(!permissions.nil?)
+ permissions.each { |permission|
+ ACM::Models::Permissions.new(:permission_set_id => ps.id, :name => permission.to_s).save
+ }
+ end
+ end
+ rescue => e
+ @logger.error("Failed to update the permission set#{e}")
+ @logger.debug("Failed to update the permission set #{e.backtrace.inspect}")
+ if (e.kind_of?(ACM::ACMError))
+ raise e
+ else
+ @logger.error("Unknown error #{e}")
+ raise ACM::SystemInternalError.new(e)
+ end
+ end
+
+ @logger.debug("Updated permission set is #{ps.inspect}")
+
+ ps.to_json
end
def read_permission_set(name)
@@ -62,6 +113,28 @@ def read_permission_set(name)
permission_set.to_json()
end
+ def add_permission_to_permission_set(permission_set_name, permission)
+ @logger.debug("read_permission_set parameters #{permission_set_name}, #{permission}")
+ permission_set = ACM::Models::PermissionSets.filter(:name => name.to_s).first()
+
+ if(permission_set.nil?)
+ @logger.error("Could not find permission set with id #{name.inspect}")
+ raise ACM::ObjectNotFound.new("#{name.inspect}")
+ else
+ @logger.debug("Found permission set #{permission_set.inspect}")
+ end
+
+ if(!permission_set.permissions.include? permission)
+ #Find which set includes that permission
+
+ #Remove the permission from that set
+
+ #Include it in the new permission set
+ end
+
+ read_permission_set(permission_set_name)
+ end
+
end
-end
+end
View
11 lib/acm/services/user_service.rb
@@ -1,3 +1,14 @@
+# Cloud Foundry 2012.02.03 Beta
+# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
+#
+# This product is licensed to you under the Apache License, Version 2.0 (the "License").
+# You may not use this product except in compliance with the License.
+#
+# This product includes a number of subcomponents with
+# separate copyright notices and license terms. Your use of these
+# subcomponents is subject to the terms and conditions of the
+# subcomponent's license, as noted in the LICENSE file.
+
require 'acm/services/acm_service'
require 'acm/models/subjects'
View
11 lib/acm/thread_formatter.rb
@@ -1,3 +1,14 @@
+# Cloud Foundry 2012.02.03 Beta
+# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
+#
+# This product is licensed to you under the Apache License, Version 2.0 (the "License").
+# You may not use this product except in compliance with the License.
+#
+# This product includes a number of subcomponents with
+# separate copyright notices and license terms. Your use of these
+# subcomponents is subject to the terms and conditions of the
+# subcomponent's license, as noted in the LICENSE file.
+
class ThreadFormatter
FORMAT = "%s, [%s#%d] [%s] %5s -- %s: %s\n"
View
11 lib/acm/utils.rb
@@ -1,3 +1,14 @@
+# Cloud Foundry 2012.02.03 Beta
+# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
+#
+# This product is licensed to you under the Apache License, Version 2.0 (the "License").
+# You may not use this product except in compliance with the License.
+#
+# This product includes a number of subcomponents with
+# separate copyright notices and license terms. Your use of these
+# subcomponents is subject to the terms and conditions of the
+# subcomponent's license, as noted in the LICENSE file.
+
# Copyright (c) 2009-2011 VMware, Inc.
def create_pid_file(pidfile)
# Make sure dirs exist.
View
11 lib/acm_controller.rb
@@ -1,3 +1,14 @@
+# Cloud Foundry 2012.02.03 Beta
+# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
+#
+# This product is licensed to you under the Apache License, Version 2.0 (the "License").
+# You may not use this product except in compliance with the License.
+#
+# This product includes a number of subcomponents with
+# separate copyright notices and license terms. Your use of these
+# subcomponents is subject to the terms and conditions of the
+# subcomponent's license, as noted in the LICENSE file.
+
require 'acm/rack_monkey_patch'
require "acm/config"
View
11 spec/Rakefile
@@ -1,3 +1,14 @@
+# Cloud Foundry 2012.02.03 Beta
+# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
+#
+# This product is licensed to you under the Apache License, Version 2.0 (the "License").
+# You may not use this product except in compliance with the License.
+#
+# This product includes a number of subcomponents with
+# separate copyright notices and license terms. Your use of these
+# subcomponents is subject to the terms and conditions of the
+# subcomponent's license, as noted in the LICENSE file.
+
require "rake"
require "tempfile"
View
11 spec/functional/access_controller_spec.rb
@@ -1,3 +1,14 @@
+# Cloud Foundry 2012.02.03 Beta
+# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
+#
+# This product is licensed to you under the Apache License, Version 2.0 (the "License").
+# You may not use this product except in compliance with the License.
+#
+# This product includes a number of subcomponents with
+# separate copyright notices and license terms. Your use of these
+# subcomponents is subject to the terms and conditions of the
+# subcomponent's license, as noted in the LICENSE file.
+
require File.expand_path("../../spec_helper", __FILE__)
require "rack/test"
View
11 spec/functional/auth_controller_spec.rb
@@ -1,3 +1,14 @@
+# Cloud Foundry 2012.02.03 Beta
+# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
+#
+# This product is licensed to you under the Apache License, Version 2.0 (the "License").
+# You may not use this product except in compliance with the License.
+#
+# This product includes a number of subcomponents with
+# separate copyright notices and license terms. Your use of these
+# subcomponents is subject to the terms and conditions of the
+# subcomponent's license, as noted in the LICENSE file.
+
require File.expand_path("../../spec_helper", __FILE__)
require "rack/test"
View
11 spec/functional/group_controller_spec.rb
@@ -1,3 +1,14 @@
+# Cloud Foundry 2012.02.03 Beta
+# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
+#
+# This product is licensed to you under the Apache License, Version 2.0 (the "License").
+# You may not use this product except in compliance with the License.
+#
+# This product includes a number of subcomponents with
+# separate copyright notices and license terms. Your use of these
+# subcomponents is subject to the terms and conditions of the
+# subcomponent's license, as noted in the LICENSE file.
+
require File.expand_path("../../spec_helper", __FILE__)
require "rack/test"
View
48 spec/functional/object_controller_spec.rb
@@ -1,3 +1,14 @@
+# Cloud Foundry 2012.02.03 Beta
+# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
+#
+# This product is licensed to you under the Apache License, Version 2.0 (the "License").
+# You may not use this product except in compliance with the License.
+#
+# This product includes a number of subcomponents with
+# separate copyright notices and license terms. Your use of these
+# subcomponents is subject to the terms and conditions of the
+# subcomponent's license, as noted in the LICENSE file.
+
require File.expand_path("../../spec_helper", __FILE__)
require "rack/test"
@@ -741,6 +752,42 @@ def app
(updated_object[:acl][:write_appspace].include? ("u-#{@user2}")).should_not be_true
updated_object[:id].should eql(@object[:id])
updated_object[:permission_sets].should eql(@object[:permission_sets])
+ updated_object[:additionalInfo].should eql(@object[:additionalInfo])
+ end
+
+ it "should remove an ace for a subject when a permission has been deleted" do
+ basic_authorize "admin", "password"
+
+ delete "/objects/#{@object[:id]}/acl?id=u-#{@user1}&p=read_appspace", {}, { "CONTENT_TYPE" => "application/json" }
+ @logger.debug("delete /objects/#{@object[:id]}/acl?id=u-#{@user1}&p=read_appspace last response #{last_response.inspect}")
+ last_response.status.should eql(200)
+ last_response.original_headers["Content-Type"].should eql("application/json;charset=utf-8, schema=urn:acm:schemas:1.0")
+ last_response.original_headers["Content-Length"].should_not eql("0")
+
+ updated_object = Yajl::Parser.parse(last_response.body, :symbolize_keys => true)
+ last_response.original_headers["Location"].should eql("http://example.org/objects/#{updated_object[:id]}")
+
+ (updated_object[:acl][:read_appspace].include? ("u-#{@user1}")).should_not be_true
+ updated_object[:id].should eql(@object[:id])
+ updated_object[:permission_sets].should eql(@object[:permission_sets])
+ updated_object[:additionalInfo].should eql(@object[:additionalInfo])
+ end
+
+ it "should remove the required aces for a subject when a set of permission has been deleted" do
+ basic_authorize "admin", "password"
+
+ delete "/objects/#{@object[:id]}/acl?id=u-#{@user1}&p=read_appspace", {}, { "CONTENT_TYPE" => "application/json" }
+ @logger.debug("delete /objects/#{@object[:id]}/acl?id=u-#{@user1}&p=read_appspace last response #{last_response.inspect}")
+ last_response.status.should eql(200)
+ last_response.original_headers["Content-Type"].should eql("application/json;charset=utf-8, schema=urn:acm:schemas:1.0")
+ last_response.original_headers["Content-Length"].should_not eql("0")
+
+ updated_object = Yajl::Parser.parse(last_response.body, :symbolize_keys => true)
+ last_response.original_headers["Location"].should eql("http://example.org/objects/#{updated_object[:id]}")
+
+ (updated_object[:acl][:read_appspace].include? ("u-#{@user1}")).should_not be_true
+ updated_object[:id].should eql(@object[:id])
+ updated_object[:permission_sets].should eql(@object[:permission_sets])
updated_object[:additional_info].should eql(@object[:additional_info])
end
@@ -780,6 +827,7 @@ def app
updated_object[:additional_info].should eql(@object[:additional_info])
end
+
it "should return an error when trying to remove a non-existent permission" do
basic_authorize "admin", "password"
View
11 spec/functional/permission_set_controller_spec.rb
@@ -1,3 +1,14 @@
+# Cloud Foundry 2012.02.03 Beta
+# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
+#
+# This product is licensed to you under the Apache License, Version 2.0 (the "License").
+# You may not use this product except in compliance with the License.
+#
+# This product includes a number of subcomponents with
+# separate copyright notices and license terms. Your use of these
+# subcomponents is subject to the terms and conditions of the
+# subcomponent's license, as noted in the LICENSE file.
+
require File.expand_path("../../spec_helper", __FILE__)
require "rack/test"
View
11 spec/functional/user_controller_spec.rb
@@ -1,3 +1,14 @@
+# Cloud Foundry 2012.02.03 Beta
+# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
+#
+# This product is licensed to you under the Apache License, Version 2.0 (the "License").
+# You may not use this product except in compliance with the License.
+#
+# This product includes a number of subcomponents with
+# separate copyright notices and license terms. Your use of these
+# subcomponents is subject to the terms and conditions of the
+# subcomponent's license, as noted in the LICENSE file.
+
require File.expand_path("../../spec_helper", __FILE__)
require "rack/test"
View
11 spec/spec_helper.rb
@@ -1,3 +1,14 @@
+# Cloud Foundry 2012.02.03 Beta
+# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
+#
+# This product is licensed to you under the Apache License, Version 2.0 (the "License").
+# You may not use this product except in compliance with the License.
+#
+# This product includes a number of subcomponents with
+# separate copyright notices and license terms. Your use of these
+# subcomponents is subject to the terms and conditions of the
+# subcomponent's license, as noted in the LICENSE file.
+
$:.unshift(File.expand_path("../../lib", __FILE__))
ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile", __FILE__)
View
11 spec/unit/group_service_spec.rb
@@ -1,3 +1,14 @@
+# Cloud Foundry 2012.02.03 Beta
+# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
+#
+# This product is licensed to you under the Apache License, Version 2.0 (the "License").
+# You may not use this product except in compliance with the License.
+#
+# This product includes a number of subcomponents with
+# separate copyright notices and license terms. Your use of these
+# subcomponents is subject to the terms and conditions of the
+# subcomponent's license, as noted in the LICENSE file.
+
require File.expand_path("../../spec_helper", __FILE__)
require 'acm/services/group_service'
View
12 spec/unit/object_service_spec.rb
@@ -1,3 +1,14 @@
+# Cloud Foundry 2012.02.03 Beta
+# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
+#
+# This product is licensed to you under the Apache License, Version 2.0 (the "License").
+# You may not use this product except in compliance with the License.
+#
+# This product includes a number of subcomponents with
+# separate copyright notices and license terms. Your use of these
+# subcomponents is subject to the terms and conditions of the
+# subcomponent's license, as noted in the LICENSE file.
+
require File.expand_path("../../spec_helper", __FILE__)
require 'acm/services/object_service'
@@ -567,7 +578,6 @@
end
end
-
describe "updating an entire object" do
before (:each) do
View
31 spec/unit/permission_set_service_spec.rb
@@ -1,3 +1,14 @@
+# Cloud Foundry 2012.02.03 Beta
+# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
+#
+# This product is licensed to you under the Apache License, Version 2.0 (the "License").
+# You may not use this product except in compliance with the License.
+#
+# This product includes a number of subcomponents with
+# separate copyright notices and license terms. Your use of these
+# subcomponents is subject to the terms and conditions of the
+# subcomponent's license, as noted in the LICENSE file.
+
require File.expand_path("../../spec_helper", __FILE__)
require 'acm/services/permission_set_service'
@@ -68,6 +79,26 @@
end
+ describe "updating a permission set" do
+ before(:each) do
+ @permission_set_service = ACM::Services::PermissionSetService.new()
+
+ @logger = ACM::Config.logger
+
+ @ps_json = @permission_set_service.create_permission_set(:name => :app_space,
+ :permissions => [:read_appspace, :update_appspace, :delete_appspace],
+ :additional_info => "this is the permission set for the app space"
+ )
+
+ @ps = Yajl::Parser.parse(@ps_json, :symbolize_keys => true)
+
+ end
+
+ it "should update a permission set that is not referenced by any objects and return the updated json"
+ it "should update a permission set that has references to objects and return the updated json"
+
+ end
+
describe "reading a permission set" do
before(:each) do
View
11 spec/unit/user_service_spec.rb
@@ -1,3 +1,14 @@
+# Cloud Foundry 2012.02.03 Beta
+# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
+#
+# This product is licensed to you under the Apache License, Version 2.0 (the "License").
+# You may not use this product except in compliance with the License.
+#
+# This product includes a number of subcomponents with
+# separate copyright notices and license terms. Your use of these
+# subcomponents is subject to the terms and conditions of the
+# subcomponent's license, as noted in the LICENSE file.
+
require File.expand_path("../../spec_helper", __FILE__)
require 'acm/services/user_service'
View
BIN  vendor/cache/ci_reporter-1.6.5.gem
Binary file not shown
View
BIN  vendor/cache/ci_reporter-1.7.0.gem
Binary file not shown
View
BIN  vendor/cache/sequel-3.31.0.gem
Binary file not shown
View
BIN  vendor/cache/sequel-3.32.0.gem
Binary file not shown
Please sign in to comment.
Something went wrong with that request. Please try again.